CLAIM AMENDMENTS 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1 . (Withdrawn) A method for securely transferring data across an optical-switched 
(OS) network, comprising: 

distributing security keys to edge nodes in the OS network; 

encrypting, at a source edge node, data to be sent from the source edge node to a 
destination edge node, said data encrypted with a security key distributed to the source 
node; 

sending the data along a virtual lightpath between the source and destination 
edge nodes, the virtual lightpath spanning at least one lightpath segment; and 

decrypting, at the destination edge node, the encrypted data that are sent. 

2. (Withdrawn) The method of claim 1, wherein the OS network comprises an 
optical burst-switched (OBS) network. 

3. (Withdrawn) The method of claim 2, wherein the OBS network comprises a 
photonic burst-switched (PBS) network. 

4. (Withdrawn) The method of claim 2, wherein the PBS network comprises a 
wavelength-division multiplexed (WDM) PBS network. 

5. (Withdrawn) The method of claim 1 , wherein the security keys are distributed by 
distributing a common decryption and encryption key pair to each of the edge nodes. 
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6. (Withdrawn) The method of claim 1 , wherein the security keys are distributed 
by: 

distributing a respective decryption key to each of the edge nodes, each 
respective decryption key being particular to its node; and 

distributing respective sets of encryption keys to each node, each set of 
encryption keys for a given node including encryption keys corresponding to the 
decryption keys distributed to each of the other edge nodes. 

7. (Withdrawn) The method of claim 1 , wherein the security keys are distributed 
by: 

distributing a respective private key to each of the edge nodes, each respective 
private key being particular to its node; and 

distributing respective sets of digital certificates sets to each node, each set of 
digital certificates for a given node containing a set of public keys corresponding to the 
private keys distributed to each of the other edge nodes. 

8. (Withdrawn) The method of claim 6, further comprising self-generating the 
digital certificates. 

9. (Withdrawn) The method of claim 8, further comprising: 
for each edge node, 

self-generating an digital certificate containing a public key that is asymmetric to 
the private key for the edge node; and 

sending the digital certificate to each of the other edge nodes. 

1 0. (Withdrawn) The method of claim 9, further comprising: 

for at least one node, 
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generating a private key for the edge node via key-generation facilities provided 
by the edge node; and 

generating the public key for the edge node via the key-generation facilities. 

1 1 . (Withdrawn) The method of claim 7, further comprising: 

sending security data to a certificate authority, the security data defining public 
keys that are to be included in respective digital certificates; and 

receiving authenticated digital certificates from the certificate authority. 

12. (Withdrawn) The method of claim 1 1 , wherein the security data is sent from an 
administrator of the OBS network. 

1 3 . (Withdrawn) The method of claim 9, further comprising: 
generating a respective set of security data at each edge node; and 

sending the respective set of security data from each edge node to the certificate 
authority. 

1 4. (Withdrawn) The method of claim 1 , further comprising sending security keys to 
the edge nodes using a communication channel that is external to the OBS network to 
distribute the security keys. 

1 5. (Withdrawn) The method of claim 1 , further comprising sending security keys to 
the edge nodes using an out-of-band channel of the OBS network to distribute the 
security keys. 
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1 6. (Withdrawn) The method of claim 1 5, further comprising sending security data 
via a control burst for the OBS network, the security data including one or more security 
keys or containing information from which one or more security keys can be derived. 

1 7. (Withdrawn) The method of claim 1 , further comprising sending information to 
each edge node identifying at least one of an encryption algorithm and decryption 
algorithm to be employed to encrypt and/or decrypt the data via the security keys. 

1 8. (Withdrawn) The method of claim 1 7, further comprising sending encryption 
and/or decryption code to an edge node, the encryption and/or decryption code to be 
executed to perform encryption and/or decryption operations. 

1 9. (Currently Amended) A tangible machine-readable medium to provide 
instructions, which when executed by a processor in a source edge node of an optical 
switched (OS) network cause the source edge node to perform operations including: 

encrypting data to be sent to a destination edge node; 

generating a control burst, the control burst containing information to reserve 
network resources to form a virtual lightpath between the source edge node and the 
destination edge node during a scheduled timeslot, the virtual lightpath including at least 
one lightpath segment; 

e mb e dding adding information [[in]]_to the control burst identifying one or more 
data bursts to be sent from the source edge node to the destination edge node will be 
encrypted; 

sending the control burst to a first hop along the virtual lightpath, the first hop 
comprising one of a switching node or the destination edge node; and 

sending said one or more data bursts containing the data that are encrypted to the 
first hop along the virtual lightpath during the scheduled timeslot. 
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20. (Currently Amended) The tangible machine-readable medium of claim 19, 
wherein execution of the instructions further perform the operation of sending an 
encryption key to each of a plurality of edge nodes in the OS network. 

21. (Currently Amended) The tangible machine-readable medium of claim 20, 
wherein execution of the instructions performs the operation of sending the encryption 
key to an edge node by: 

generating a control burst containing security data including the encryption key 
or data from which the encryption key can be derived; and 

sending the control burst to a first hop along a virtual lightpath coupling the edge 
node sending the control burst to [[and]]_an edge node receiving the control burst, the 
first hop comprising one of the edge node receiving the control burst or a switching 
node. 

22. (Currently Amended) The tangible machine-readable medium of claim 2 1 , 
wherein the security data include an digital certificate. 

23 . (Currently Amended) The tangible machine-readable medium of claim 22, 
wherein execution of the instructions performs the further operation of generating a self- 
signed digital certificate. 

24. (Currently Amended) The tangible machine-readable medium of claim 2 1 , 
wherein the security data include one of information identifying an encryption algorithm 
used to encrypt the data or executable code that may be used to decrypt the certificate. 
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25. (Currently Amended) The tangible machine-readable medium of claim 20, 
wherein an encryption key is sent to an edge node via a communication channel that is 
external from the OS network. 

26. (Currently Amended) The tangible machine-readable medium of claim 1 9, 
wherein execution of the instructions performs further operations including: 

generating an encryption key, the encryption key to be used to encrypt the data; 

and 

generating a decryption key corresponding to the encryption key. 

27. (Currently Amended) The tangible machine-readable medium of claim [[ 1 911 20, 
wherein execution of the instructions performs further operations including: 

generating security data including the decryption key and identifying the 
decryption key as a public key, the security data comprising data from which an digital 
certificate may be issued; and 

sending the security data to a certificate authority. 

28. -38. (Canceled) 
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